Category Archives: Technology

Changing Name on a VMware vCenter Server

Yesterday I moved the company’s VMware vCenter Server over to a new Active Directory Domain. This included…

  • Removing the server from the old domain
  • Changing the IP-address on the server
  • Adding the server to the new domain controller
  • Making sure the ESX hosts found its “new” owner

Careful planning is the key to success in such operations. Up front, all the ESX hosts had been upgraded and configured in such a way that they already utilised the new infrastructure.

However, a few quirks did arrive, and these are the ones that I will outline here. My guess is that 80% of the people arriving here from a search engine got these problems.

Feel free to jump to that section right away.

For the record; I’m using vCenter Server version 4.1.0, build 258902 on Windows Server 2008 R2 Standard (64-bit).

Step by Step

There are only a few things you need to make sure of before you begin, otherwise you might get a nasty surprise when all your virtual machines reboot.

Also, if you are going to change the IP-address on the vCenter Server, make sure that all your ESX hosts can communicate with the new address range.

The ESX hosts should be able to survive without a panic when the vCenter Server goes down for maintenance. But this can depend on how you have configured your vCenter Server.

1. Remove the vCenter Server from old domain

Log into the vCenter Server with Remote Desktop (or via a console) and remove it from the old domain. Reboot.

2. Change IP-address on the vCenter Server (optional)

The next step depends on whether you actually need to change the IP-address. If you don’t, you don’t. If you do, keep in mind that you will lose connection once you click “ok” or “apply”. Don’t forget to change the gateway and DNS-server addresses as well.

In my case I had to change the VLAN bindings on the switch port. We keep our two domains on separate VLANs.

3. Add vCenter Server to new domain

Add the vCenter Server to the new domain. No surprise here either. Complete the process with a reboot.

4. Update configuration files on ESX hosts (may depend on step 2)

The ESX hosts will most likely acknowledge the vCenter Server before you get to this step because of fingerprints and other magic. But nonetheless, log into the ESX server with ssh and edit the vpxa.cfg file. All the commands here have to be executed as the root user.

(Before you start; log into each ESX host with the vSphere Client and add a user with rights to log in remotely via ssh.)

#nano /etc/opt/vmware/vpxa/vpxa.cfg

(Actually this only applies to those who changed the IP-address in step 2)

Change the IP-address listed between the <serverIp> tags in the file, like so:

<serverIp>192.168.20.20</serverIp>

Given that the new vCenter Server address is 192.168.20.20. Save using Ctrl+X.

Also, check the hosts file for any references to the old address or domain name.

#nano /etc/hosts

In my case I changed it from

192.168.10.10  vcenter   vcenter.domain.com

to the following

192.168.20.20  vcenter   vcenter.domain.lan

and save using Ctrl+X. (Yeah, we changed from a .com domain to a .lan domain)

If you have changed the vpxa.cfg file you will also have to restart two management agents on the ESX hosts.

Make sure you haven’t configured auto start/stop on the Virtual Machines at this point. If you have, disable it. Restarting services may lead to an unexpected reboot of all the virtual machines running on the ESX host.

#service mgmt-vmware restart
#service vmware-vpxa restart
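
A check like the following can confirm on each host that the edits in step 4 left no reference to the old address or domain behind. It is an added example, not part of the original post: `check_vcenter_refs` is a hypothetical helper name, and the sample files are constructed from the addresses used above.

```sh
#!/bin/sh
# Added example: audit an ESX host after a vCenter address change.
# Prints one line per stale reference; returns 0 when clean, 1 otherwise.
# check_vcenter_refs is a hypothetical helper name, not a VMware tool.
check_vcenter_refs() {
    cfg=$1 hosts=$2 new_ip=$3 old_ip=$4 old_domain=$5
    report=$(
        # Every serverIp element in vpxa.cfg must hold the new address.
        sed -n 's:.*<serverIp>\([^<]*\)</serverIp>.*:\1:p' "$cfg" |
        awk -v want="$new_ip" -v f="$cfg" '
            { seen = 1; if ($0 != want) print f ": serverIp is " $0 ", expected " want }
            END { if (!seen) print f ": no serverIp element found" }'
        # No active hosts entry may use the old address or a name in the old domain.
        awk -v ip="$old_ip" -v dom="$old_domain" '
            { sub(/#.*/, "") }                  # ignore comments
            NF < 2 { next }
            {
                bad = ($1 == ip)                # whole-field match, so .10 never matches .100
                for (i = 2; i <= NF; i++) {
                    n = length($i) - length(dom)
                    if ($i == dom || (n > 0 && substr($i, n) == ("." dom))) bad = 1
                }
                if (bad) print FILENAME ": line " NR ": " $0
            }' "$hosts"
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample files (not from a real host), still holding the old values.
demo=$(mktemp -d)
printf '<config>\n  <vpxa>\n    <serverIp>192.168.10.10</serverIp>\n  </vpxa>\n</config>\n' > "$demo/vpxa.cfg"
printf '127.0.0.1  localhost\n192.168.10.10  vcenter   vcenter.domain.com\n' > "$demo/hosts"
check_vcenter_refs "$demo/vpxa.cfg" "$demo/hosts" 192.168.20.20 192.168.10.10 domain.com \
    || echo "stale references remain"
rm -rf "$demo"
```

On a real host the two paths would be /etc/opt/vmware/vpxa/vpxa.cfg and /etc/hosts.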

5. Restart VMware Virtual Center Service

Log into the vCenter Server and start the services console. Just type “services.msc” in the run dialog.

Find and select the VMware VirtualCenter Server service and restart it. It may also drag another service with itself in the process. No problem.

6. Log in using vSphere Client

Start the vSphere Client and log in using the new domain name and your administrator credentials.

Hopefully everything is up and running and all the ESX hosts are connected. I would advise you to take a look at the KB-articles in the last section before you actually attempt to follow this guide. They will give you a better understanding of how this works.

Now; vCenter Server still contains some references to the old server and/or domain name. So keep reading.

vCenter Still Contains References to the old Server or Domain Name

This can, and mostly will, happen to you too. And the way I found out was when I tried to log into the vCenter Server using vSphere Client and VMware Update Manager (a plugin) complained about being unable to reach the server, referring to the old domain name.

There was an error connection to VMware vCenter Update Manager. The request failed because the server name could not be resolved.

Turns out that the old name is soft coded into different configuration files and registries.

vCenter Error Message

I had to make changes to the following files and places:

  • VMware vSphere Client
  • Windows Registry
  • vci-integrity (only if Update Manager is installed)
  • ADSI Edit

1. vSphere Client changes

In the menu, choose Administration and vCenter Server Settings.

If you are using a license server, and the service is installed on the same machine as the vCenter Server, you have to check the settings under Licensing.

vCenter Licensing Settings

And under Advanced Settings you may have to change the following keys:

  • VirtualCenter.InstanceName
  • VirtualCenter.VimApiUrl
  • VirtualCenter.VimWebServicesUrl

vCenter Advanced Settings

2. Windows Registry

Using regedit from the run menu, navigate to the following places:

HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter

Check the string named VCInstanceId.

Windows Registry Editor

Also check the following place:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Update Manager

and update the data on the string VUMServer.

3. Update vci-integrity.xml

This file is found at C:\Program Files (x86)\VMware\Infrastructure\Update Manager\vci-integrity.xml (only if Update Manager is installed on the server).

Search for the tag <vpxdLocation> and make sure the address is correct. It’s either an IP-address or a FQDN. Save the file and exit.

4. ADSI Edit

This little gem is located under Administrative Tools. Start it up and right click on the object ADSI Edit. Choose Connect and use the following settings…

  • Name: VC (not important actually)
  • Connection Point: dc=virtualcenter,dc=vmware,dc=int
  • Computer: localhost:389

Some of the objects here will have unique names, so they will be named differently on your system. So in the simplest form, go through each and every object under OU=ComponentSpecs and OU=Instances and right click and select Properties.

Scroll through the list and edit every attribute that contains a reference to the old server name.

When all this is done, restart the VMware services or just reboot the vCenter Server. I would recommend a full reboot to make sure all the changes are active.

Sources

Pentax AF-330FTZ and Hanimex 325AZ Trigger Voltage

Just a short post about camera flashes and trigger voltage.

Canon specifies a safe trigger voltage up to 6 volts using the hotshoe on their digital cameras. If it’s higher, it might damage the camera. So I have measured the trigger voltage on two older flashes I have lying around, since I didn’t get (m)any hits searching the interwebz.

Pentax AF-330FTZ has a trigger voltage of 3.14V
Hanimex 325AZ has a trigger voltage of 110V

So the Pentax AF-330FTZ should be safe. Hanimex 325 however, isn’t. What’s kind of scary is that I have used the Hanimex on several occasions on my 350D. Luckily no harm done (as far as I can tell).

Update: Found this web page explaining some more around this issue.

I take this to mean that all Canon DSLRs newer than the 350D, as well as all the professional models, can use flash with trigger voltages up to 250 volts in their hot-shoe. However, 6 volts is the safe limit for the D30, D60, 10D, 300D, and Canon’s digital compact cameras.

OpenWRT – Configuring VLANs and trunks

This weekend I decided to finally upgrade the firmware on my Linksys WRT54GL wireless router. The whole reason I bought this router a few years back was because it supported third-party firmware based on Linux.

Up until now, Linksys firmware has been working great. I didn’t need more than a simple wireless router. But recently I’ve started playing with VMware ESXi, which led to a few virtual servers. And with a few virtual servers, there was also a need to make them accessible from the Internet. Since the only way of opening up ports on my router was through my ISP’s web page, and every change needed to be accompanied by a reboot of my router, I decided it was time to set up my own firewall.

Support for VLANs

OpenWRT supports VLANs, and this is one of the main reasons I wanted to upgrade to a third-party firmware. Running a firewall with just one network adapter isn’t really possible, unless you can split networks within the same physical medium. And that’s when VLANs come into the picture. This technology makes it possible to have several different networks within the same physical medium. Even with the same network addresses.

The firewall, which is a virtual machine, doesn’t know that the host it’s running on only has one network adapter. I gave the firewall three adapters, all connected to different virtual switches. These switches tag their traffic with VLAN data and send it to my Linksys router, which in turn was also configured the same way. One port on the router could hand out data for VLAN1, the next port for VLAN2.

In my setup, the traffic coming from Internet is connected to a port in VLAN2. This is sent, along with data in VLAN3, via port 4 to the ESXi host. Here the traffic is divided into virtual switches. One switch for each VLAN. So my firewall is connected to both the switch for VLAN2, and for VLAN3. VLAN2 is being labeled as WAN, while VLAN3 is labeled LAN. I also have a VLAN4 named SERVERS.

Installing OpenWRT

This is easy. If you haven’t installed a third-party firmware on your Linksys, you can use the web interface from Linksys to upgrade. Just as you would if you were to upgrade the original firmware. Download the correct image from OpenWRT, select it in the web interface and click the upgrade button.

After the new firmware is installed, the router will reboot and be ready for configuration. By default the router’s IP-address is 192.168.1.1. You can log in via telnet with no user name and password. It is advised to set a password at first log in. Doing so, telnet will be disabled and ssh enabled instead.

If you manage to lock yourself out, it’s possible to restart OpenWRT into a safe mode. Just cut the power, and when it starts up again, press any button just when the DMZ light is lit. Now you can access it via telnet at address 192.168.1.1 again, no matter what address you have specified earlier. In safe mode you can change the password and reconfigure firewall rules, if you have enabled a rule you shouldn’t have.

Setting up different VLANs (and trunking them)

First you should be aware of how the WRT54GL hardware is mapped internally. It is essential to understand the logic when configuring the router. The image shows the default configuration where ports 1 – 4 are a regular switch on VLAN0, and the WAN port is separated on VLAN1. If you only want a dumb switch with 5 ports, you could put the WAN port into VLAN0 as well.

WRT54 internal architecture

The configuration file can be found under /etc/config/network. Here we can set the IP-address of the box, but also configure the ports. I only need a dumb switch with VLAN capabilities, so I won’t set up any fancy routing rules in this post.

config switch "eth0"
   option vlan0 "0t 5"
   option vlan1 "0t 5"
   option vlan2 "0t 4 5"
   option vlan3 "0t 3 2 5*"
   option vlan4 "0t 5"

In this setup I have created five VLANs, three of which are unused at the moment. VLAN3 is the default VLAN, as marked by the asterisk (*). Port 5, the internal, has to be included. Data on LAN port 4 (which is internally mapped as port 0), is tagged, which basically means it’s a trunk. If a port isn’t tagged, it can’t belong to more than one VLAN (except the internal port 5). If a port is tagged, it can’t be used by a computer which doesn’t support trunk or tagging.

My Internet connection is connected to the WAN-port on the router, also known as internal port 4. It belongs to VLAN2, and is tagged on LAN port 4, which is known as internal port 0. On the other side of LAN port 4 is my ESXi server, which supports trunking (surprise). VLAN2 then goes into my firewall, on the other side of my firewall is VLAN3, which goes over the same cable back to the OpenWRT box, which in turn distributes it to my main computer and media center on LAN port 1 and 2.
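
Since the WAN/LAN separation here depends entirely on the port lists, it helps to lint the section against the two rules stated above: internal port 5 must be in every VLAN, and an untagged port may belong to only one VLAN. The following is an added example, not part of the original post or of OpenWRT; `check_switch_vlans` is a hypothetical helper name and the second config is a constructed variant.

```sh
#!/bin/sh
# Added example: lint a "config switch" section against the rules in the text.
# Prints one line per violation; returns 0 when the section is consistent.
# check_switch_vlans is a hypothetical helper name, not an OpenWRT command.
check_switch_vlans() {
    report=$(awk '
        $1 == "option" && $2 ~ /^vlan[0-9]+$/ {
            vlan = $2; has_cpu = 0; line = $0
            sub(/^[^"]*"/, "", line); sub(/".*$/, "", line)   # keep the quoted port list
            n = split(line, tok, " ")
            for (i = 1; i <= n; i++) {
                p = tok[i]; sub(/\*$/, "", p)     # the asterisk only marks the default VLAN
                tagged = (p ~ /t$/); sub(/t$/, "", p)
                if (p == "5") { has_cpu = 1; continue }
                if (!tagged) {
                    if (p in owner) print "port " p " is untagged in both " owner[p] " and " vlan
                    else owner[p] = vlan
                }
            }
            if (!has_cpu) print vlan " does not include internal port 5"
        }' "$1")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# The section from the post, then a constructed variant that breaks both rules.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
config switch "eth0"
   option vlan0 "0t 5"
   option vlan1 "0t 5"
   option vlan2 "0t 4 5"
   option vlan3 "0t 3 2 5*"
   option vlan4 "0t 5"
EOF
check_switch_vlans "$cfg" && echo "config from the post: consistent"
sed 's/option vlan4 "0t 5"/option vlan4 "0t 3"/' "$cfg" > "$cfg.bad"
check_switch_vlans "$cfg.bad" || echo "variant rejected"
rm -f "$cfg" "$cfg.bad"
```

On the router the argument would be /etc/config/network.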

Conclusion

Linksys WRT54GL is a great product, and with third-party firmware such as OpenWRT, it’s even greater. This box can be transformed from a boring wireless router, to a full blown firewall if needed.

 

Can we trust The New Piratebay?

Earlier today it was announced that The Piratebay might get sold to a Swedish company called Global Gaming Factory X (GGF) operated by Hans Pandeya, a man with a shady reputation (In Swedish).

For all we know, this might just be a PR stunt. But if so, it’s a bad one. I predict that if the sale goes through, it will drive most of the users away and over to other file sharing sites. Just the idea of a corporation owning the TPB-user database is scary.

It’s been a nice 5-and-so years at The Piratebay, but I think I’ll go for a swim now, and I’m not sure if I ever will return. Also, this blows my “The Piratebay Preferred Partner”-joke I’ve been doing in the company for the last few years.

TweetDeck – My new favorite Twitter client.

For the last few months I’ve been using Twhirl to stay connected with the Twitter community, but my activity has of late slowly been reduced to next to nothing. Well, that’s until a good colleague of mine recommended TweetDeck last Friday. I’m back in the Twitter-sphere, and I’m loving it.

Both clients are written in Adobe AIR, which is a big bonus since it means I can run it both on my office Windows machine and my Linux machine at home. I think Adobe AIR is one of the most interesting technologies right now for web applications. Although all that comes out of Adobe is slow and sluggish, it’s far better than the last “cross-platform” language that promised a trouble free world. Java. Java was also slow and sluggish, but unlike AIR, Java didn’t seem to work. If you got an application running on one machine, you could be sure it didn’t want to run on your next computer.

Back to the topic; Twitter is still going strong, and with the right tools it can continue to grow. The only question they have to sort out is how to make money. I don’t really see the Ad business as the right move right now. And as long as everyone can create a third-party client, such rubbish can easily be removed before it hits your eyes.

You may follow me on Twitter and read my rubbish. It’s mostly in Norwegian, but that might change.